$_SESSION, Logout, and Shared Host

> Hi.  I recently migrated my web app from my personal server to a  
> (*way* more powerful) shared server, where one of my colleagues also  
> hosts his app.  Both were written in PHP.  Due to neither one of us  
> having run into this before, if you are logged in to both apps at  
> the same time from the same browser (which happens; we share more  
> than a few students in common), and log out of one, you get logged  
> out of the other.  In my code, the logout routine is as follows:
>
> foreach( $_SESSION as $key=>$value ) {
>     unset( $_SESSION[ $key ] );
> }
>
> And his code is essentially the same (I think he might use a  
> session_destroy() or something).
>
> I know that if I add a layer to $_SESSION, like creating  
> $_SESSION[ 'my_app' ][ keys... ], and then only unset those upon  
> logout, I will prevent my students from logging out of any app other  
> than my own.  But that's a lot of code to change (not the logout  
> code, that's easy; but all the places I check to see if someone's  
> logged in) and besides, I imagine there has to be a better way.
>
> Please pretend that using a different physical or virtual server is  
> not possible, because it's essentially not (yay county budget!), so:  
> what's the PHP way to solve this problem?  Is there some way we can  
> namespace-ize our $_SESSION variables or something?
>
> Thanks,
> -Chris
> _______________________________________________
> New York PHP Users Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/Show-Participation

> On Wed, Nov 4, 2009 at 8:16 PM, Tim Lieberman <tim_lists@...
> <mailto:tim_lists@...>> wrote:
>
>     It sounds like both applications are running on the same domain.
>      If that's not the case, something else is going on.
>
>
> They are running on the same domain.
>  
>
>     You have a couple of options, none of which might make you happy.
>
>     1) In your app, use a custom session name
>     (session_name('MYSESSID') before you call session_start()).
>
>
> Judging from the errors I got, it seems like I may have to do that
> before *every* call to session_start(), which is Big Oh of the amount
> of work in adding a layer to $_SESSION.
>  
>
>     This should work nicely, unless you need to share session data
>     with your colleage's appication.
>
>
> No, we need to not share data with each other -- if you're submitting
> assignments in ITE 101, you don't want to accidentally overwrite what
> you already submitted for CSC 101, for example.
>  
>
>     However, a global find/replace to replace $_SESSION with
>     $_SESSION['someKey'] will probably do the trick, and not be too
>     painful.
>
>
> Yeah, I can do that with find, xargs, and sed.  Thanks for the advice.
> -c
> ------------------------------------------------------------------------
>
> _______________________________________________
> New York PHP Users Group Community Talk Mailing List
> http://lists.nyphp.org/mailman/listinfo/talk
>
> http://www.nyphp.org/Show-Participation

> On Wed, Nov 4, 2009 at 8:16 PM, Tim Lieberman <tim_lists@...
> <mailto:tim_lists@...>> wrote:
>
>     It sounds like both applications are running on the same domain.
>      If that's not the case, something else is going on.
>
>
> They are running on the same domain.
>  
>
>     You have a couple of options, none of which might make you happy.
>
>     1) In your app, use a custom session name
>     (session_name('MYSESSID') before you call session_start()).
>
>
> Judging from the errors I got, it seems like I may have to do that
> before *every* call to session_start(), which is Big Oh of the amount
> of work in adding a layer to $_SESSION.
>